News

The UK government has announced plans to introduce new legislation, aiming to improve the security of digital identity solutions. The rules are designed to enhance trust in digital identities and scaling down reliance on physical documents such as passports and driving licenses. The UK’s Department for Digital, Culture, Media and Sport (DCMS) made the announcement following a public consultation period. It is possible to access digital identity solutions in several ways, including via a phone app...

Security researchers have warned pro-Ukrainian actors of employing DDoS tools to attack Russia, as they may be ridden with info-stealing malware. In late February, Ukrainian vice prime minister, Mykhailo Fedorov, called for a volunteer “IT army” of hackers to DDoS Russian targets. Cisco Talos has claimed that many cyber criminals are attempting to exploit the outpouring of support for Ukraine, amidst the Russian invasion of the country. The organisation detected several posts on Telegram offering DDoS tools...

This week, smart vulnerability management provider Edgescan has published the findings of its 2022 Vulnerability Statistics Report, which for the 7th year running offers a comprehensive view of the state of vulnerability management globally. The report reveals that organizations are still taking nearly two months to remediate critical risk vulnerabilities, with the average mean time to remediate (MTTR) across the full stack set at 60 days. High rates of “known” (i.e. patchable) vulnerabilities which have...

The tech giant Microsoft has claimed that encouraging women into cybersecurity jobs is "mission critical" to addressing the labour shortage in the cybersecurity industry. The company's corporate vice president of security, compliance, identity and management, Vasu Jakkal argues that diversity is sorely needed in the industry in order to address the evolving threat landscape and relieving overburdened IT teams. A lack of female representation in cybersecurity is fuelling unequal pay and insufficient support for women,...

The prolific Conti ransomware collective spent millions on salaries, tools and services throughout 2021. The recent leak of the pro-Russia group's internal chats by a Ukrainian researcher, analysed by security vendor BreachQuest, has revealed fascinating insights into the workings of the operation. The group's structure is not dissimilar to that of a legitimate business, with an HR and recruitment lead, someone in charge of its data leak blog, a training specialist, a blockchain lead and...

Professor John Goodacre, challenge director – Digital Security by Design, UKRI, and Professor of Computer Architectures, The University of Manchester, told attendees at the last leg of the DSbD roadshow in Wales that the UK is on the path to "cyber disaster". He claimed that the current approach of discovering and patching vulnerabilities is growing unsustainable as the digital revolution storms on - particularly in regards to the growth of IoT devices. “Even with the...

A global leader in WordPress security and threat intelligence, Patchstack, recently released a whitepaper highlighting the sorry state of WordPress security in 2021. Reported vulnerabilities grew 150% in 2021 from the previous year. Perhaps most alarmingly, 29% of the critical flaws in WordPress plugins never received an update. WordPress is used in 43.2% of websites and is the most popular content management system on the planet, making the report worrying reading.  

A new FBI report has revealed that at least 52 critical national infrastructure (CNI) entities have been compromised by a ransomware variant. The FBI has claimed that organisations across 10 CNI sectors had been impact as of January this year.# Key sectors include manufacturing, financial services, government and IT. A prolific ransomware variant has compromised at least 52 critical national infrastructure (CNI) entities, a new FBI report has revealed. The group has change it's tools,...

A group with ties to China tracked as TA416 but widely known as Mustang Panda has targeted European diplomats since August 2020. The most recent activity employs refreshed lures to coincide with the Russian invasion of Ukraine. A new report by Proofpoint found that TA416 leads cyber-espionage campaigns against the EU, focusing on long-term goals rather than opportunistic gains. The group has not changed their methods since the campaign began, making easy work for analysts.

https://vimeo.com/683449370/53eb067506   Armis, unified asset visibility and security company, announced the discovery of three zero-day vulnerabilities in APC Smart-UPS devices that can allow attackers to gain remote access. If exploited, these vulnerabilities, collectively known as TLStorm, allow threat actors to disable, disrupt, and even destroy APC Smart-UPS devices and attached assets, researchers have warned.   Uninterruptible power supply (UPS) devices provide emergency backup power for mission-critical assets in data centres, industrial facilities, hospitals, and more....